  #16  
Old February 12th, 2017, 12:58 PM
onemac onemac is offline
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
fixlist.txt file:

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Al (12-02-2017 11:35:12) Run:1
Running from C:\Users\Al\Desktop
Loaded Profiles: Al & ntp (Available Profiles: Al & UpdatusUser & ntp & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118254938-2305694269-2017895754-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>
R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-08-20] (Anvisoft)
S1 Asdids; C:\WINDOWS\System32\DRIVERS\asdids.sys [47632 2014-08-20] (Anvisoft) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-20] (AVG Technologies)
S1 BdfNdisf; C:\WINDOWS\system32\DRIVERS\bdfndisf6.sys [107496 2016-02-16] (BitDefender LLC)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S1 bdfwfpf; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfwfpf.sys [X]
end
*****************

HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1118254938-2305694269-2017895754-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lhmiofmipcpmhgihiecmpiekcacigpgb => key removed successfully
AnviCsbSvc => Unable to stop service.
HKLM\System\CurrentControlSet\Services\AnviCsbSvc => key removed successfully
AnviCsbSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\Asdids => key removed successfully
Asdids => service removed successfully
avgtp => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgtp => key removed successfully
avgtp => service removed successfully
HKLM\System\CurrentControlSet\Services\BdfNdisf => key removed successfully
BdfNdisf => service removed successfully
HKLM\System\CurrentControlSet\Services\KLIF => key removed successfully
KLIF => service removed successfully
HKLM\System\CurrentControlSet\Services\bdfwfpf => key removed successfully
bdfwfpf => service removed successfully


The system needed a reboot.

==== End of Fixlog 11:35:22 ====

Logfile:

# AdwCleaner v6.043 - Logfile created 12/02/2017 at 11:53:43
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-09.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : Al - ALS_COMP
# Running from : C:\Users\Al\Desktop\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\Al\AppData\LocAl\DriverToolkit
Folder Found: C:\Users\Al\AppData\LocAl\PackageAware
Folder Found: C:\Users\Al\AppData\LocAl\avg web tuneup
Folder Found: C:\Users\Al\AppData\LocAlLow\Check Point Software Technologies LTD
Folder Found: C:\Users\Al\AppData\LocAlLow\avg web tuneup
Folder Found: C:\Users\Al\AppData\Roaming\eCyber
Folder Found: C:\Users\Al\AppData\Roaming\iSafe
Folder Found: C:\Users\Al\AppData\Roaming\MailUpdate
Folder Found: C:\Users\Al\AppData\Roaming\ParetoLogic
Folder Found: C:\Users\Al\AppData\Roaming\SecureSearch
Folder Found: C:\Users\Al\AppData\Roaming\WinZipper
Folder Found: C:\Users\Al\AppData\Roaming\PARETOLOGIC
Folder Found: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Folder Found: C:\ProgramData\ParetoLogic
Folder Found: C:\ProgramData\avg web tuneup
Folder Found: C:\ProgramData\PARETOLOGIC
Folder Found: C:\ProgramData\Application Data\ParetoLogic
Folder Found: C:\ProgramData\Application Data\avg web tuneup
Folder Found: C:\ProgramData\Application Data\PARETOLOGIC
Folder Found: C:\Program Files (x86)\DriverToolkit


***** [ Files ] *****

File Found: C:\Users\Al\daemonprocess.txt
File Found: C:\Users\Al\AppData\Local\Temp\reimage.log
File Found: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
File Found: C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\invalidprefs.js
File Found: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
File Found: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
File Found: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
File Found: C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_noajmlkipclmeolfcnflkjhijkigpfjh_0.localstorage


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found: ReimageUpdater
Task Found: ReimageUpdater
Task Found: reimageupdater


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\WinZipper.001
Key Found: HKLM\SOFTWARE\Classes\WinZipper.7z
Key Found: HKLM\SOFTWARE\Classes\WinZipper.arj
Key Found: HKLM\SOFTWARE\Classes\WinZipper.bz2
Key Found: HKLM\SOFTWARE\Classes\WinZipper.bzip2
Key Found: HKLM\SOFTWARE\Classes\WinZipper.cab
Key Found: HKLM\SOFTWARE\Classes\WinZipper.cpio
Key Found: HKLM\SOFTWARE\Classes\WinZipper.deb
Key Found: HKLM\SOFTWARE\Classes\WinZipper.dmg
Key Found: HKLM\SOFTWARE\Classes\WinZipper.fat
Key Found: HKLM\SOFTWARE\Classes\WinZipper.gz
Key Found: HKLM\SOFTWARE\Classes\WinZipper.gzip
Key Found: HKLM\SOFTWARE\Classes\WinZipper.hfs
Key Found: HKLM\SOFTWARE\Classes\WinZipper.iso
Key Found: HKLM\SOFTWARE\Classes\WinZipper.lha
Key Found: HKLM\SOFTWARE\Classes\WinZipper.lzh
Key Found: HKLM\SOFTWARE\Classes\WinZipper.lzma
Key Found: HKLM\SOFTWARE\Classes\WinZipper.ntfs
Key Found: HKLM\SOFTWARE\Classes\WinZipper.rar
Key Found: HKLM\SOFTWARE\Classes\WinZipper.rpm
Key Found: HKLM\SOFTWARE\Classes\WinZipper.squashfs
Key Found: HKLM\SOFTWARE\Classes\WinZipper.swm
Key Found: HKLM\SOFTWARE\Classes\WinZipper.tar
Key Found: HKLM\SOFTWARE\Classes\WinZipper.taz
Key Found: HKLM\SOFTWARE\Classes\WinZipper.tbz
Key Found: HKLM\SOFTWARE\Classes\WinZipper.tbz2
Key Found: HKLM\SOFTWARE\Classes\WinZipper.tgz
Key Found: HKLM\SOFTWARE\Classes\WinZipper.tpz
Key Found: HKLM\SOFTWARE\Classes\WinZipper.txz
Key Found: HKLM\SOFTWARE\Classes\WinZipper.vhd
Key Found: HKLM\SOFTWARE\Classes\WinZipper.wim
Key Found: HKLM\SOFTWARE\Classes\WinZipper.xar
Key Found: HKLM\SOFTWARE\Classes\WinZipper.xz
Key Found: HKLM\SOFTWARE\Classes\WinZipper.z
Key Found: HKLM\SOFTWARE\Classes\WinZipper.zip
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\mailUpdate
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\mailUpdate
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Key Found: HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found: HKU\.DEFAULT\Software\Auslogics
Key Found: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\DriverToolkit
Key Found: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\Mozilla\Extends
Key Found: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\ParetoLogic
Key Found: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\WEBAPP
Key Found: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\Auslogics
Key Found: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\AppDataLow\Software\adawarebp
Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\SweetIM
Key Found: HKU\S-1-5-18\Software\Auslogics
Key Found: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found: HKCU\Software\DriverToolkit
Key Found: HKCU\Software\Mozilla\Extends
Key Found: HKCU\Software\ParetoLogic
Key Found: HKCU\Software\WEBAPP
Key Found: HKCU\Software\Auslogics
Key Found: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found: HKCU\Software\AppDataLow\Software\adawarebp
Key Found: HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found: HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found: HKLM\SOFTWARE\hdcode
Key Found: HKLM\SOFTWARE\istart123Software
Key Found: HKLM\SOFTWARE\ParetoLogic
Key Found: HKLM\SOFTWARE\Reimage
Key Found: HKLM\SOFTWARE\AVG Tuneup
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\SweetIM
Key Found: [x64] HKCU\Software\DriverToolkit
Key Found: [x64] HKCU\Software\Mozilla\Extends
Key Found: [x64] HKCU\Software\ParetoLogic
Key Found: [x64] HKCU\Software\WEBAPP
Key Found: [x64] HKCU\Software\Auslogics
Key Found: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found: [x64] HKCU\Software\AppDataLow\Software\adawarebp
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Key Found: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Found: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Web data] - check point software technologies ltd
Chrome pref Found: [C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Web data] - yahoo.com Search
Chrome pref Found: [C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com
Chrome pref Found: [C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Web data] - v9.com
Chrome pref Found: [C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Web data] - v9
Chrome pref Found: [C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Web data] - securedsearch.lavasoft.com
Chrome pref Found: [C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearch.avg.com
Chrome pref Found: [C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.conduit.com
Chrome pref Found: [C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Web data] - delta-search.com
Chrome pref Found: [C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - noajmlkipclmeolfcnflkjhijkigpfjh

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [24348 Bytes] - [26/02/2014 21:52:57]
C:\AdwCleaner\AdwCleaner[R1].txt - [6323 Bytes] - [20/11/2014 16:57:50]
C:\AdwCleaner\AdwCleaner[R2].txt - [6049 Bytes] - [20/11/2014 21:24:18]
C:\AdwCleaner\AdwCleaner[R3].txt - [1219 Bytes] - [21/11/2014 08:00:11]
C:\AdwCleaner\AdwCleaner[R4].txt - [2472 Bytes] - [27/12/2014 18:28:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [20319 Bytes] - [26/02/2014 21:54:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [5108 Bytes] - [20/11/2014 16:59:07]
C:\AdwCleaner\AdwCleaner[S2].txt - [5556 Bytes] - [20/11/2014 21:26:04]
C:\AdwCleaner\AdwCleaner[S3].txt - [1283 Bytes] - [21/11/2014 08:20:31]
C:\AdwCleaner\AdwCleaner[S4].txt - [2234 Bytes] - [27/12/2014 18:30:24]
C:\AdwCleaner\AdwCleaner[S5].txt - [10542 Bytes] - [12/02/2017 11:52:06]
C:\AdwCleaner\AdwCleaner[S6].txt - [10401 Bytes] - [12/02/2017 11:53:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [10475 Bytes] ##########


  #17  
Old February 13th, 2017, 01:19 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Run a scan with AdwCleaner again, but this time when it is finished click Clean. Agree to the prompt, and the reboot prompts, then try changing the pointer again.
  #18  
Old February 13th, 2017, 02:00 PM
onemac onemac is offline
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
Hi Tom

Followed instructions but no change. I think the virus has overwritten the windows default as it says it's already in use. When I try and change to another cursor I click 'Apply' and for two seconds it changes before changing back. I may have to delete the cursor folder and re-install?

Al
  #19  
Old February 14th, 2017, 01:30 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
I was kinda hoping that by the time we got to this point, the problem would have been fixed. Isn't any malware cursor changer I am aware of. The cursor won't change to anything you have tried? I will ask a Moderator to move this request to the Windows 10 forum.
  #20  
Old February 14th, 2017, 10:51 AM
onemac onemac is offline
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
Thank you for your time and help Tom - the good news is that my machine is loading quicker and some little quirks seem to have disappeared. Thank you again.

Al
  #21  
Old February 15th, 2017, 01:37 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Anything in this that helps?
  #22  
Old February 15th, 2017, 11:24 AM
onemac onemac is offline
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
Quote:
Originally Posted by Jintan View Post
Anything in this that helps?
Sorry Tom but no. Usual thing happens - cursor changes for two seconds before reverting back. Something has to be overwriting the default or system cursor exe file?

Al
  #23  
Old February 16th, 2017, 01:08 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Still working on learning 10. I'll ask a Mod to move this to the Windows 10 forum.